Modern Health moved to a Zero Trust model while improving IT productivity
By switching to Twingate, the fully remote team at Modern Health was able to implement least privilege access while improving productivity for the IT team, saving an estimated 250 hours.
“Twingate was the missing puzzle piece in safely scaling our access provisioning for internal resources. Our employees and IT staff love it, and the security team can sleep better at night knowing that we use it over a traditional VPN.”
Nathan Norton
Senior Staff Security Engineer
Challenge
The Modern Health team is complex, with a fully remote global workforce of over 400 employees that ranges from DevOps and IT to certified coaches and mental health professionals. As a leader in the healthcare space, the team at Modern Health wanted to put security into their design process, ensuring their employees are able to access critical resources, including sensitive personal data, without the hurdles and additional risk posed by traditional VPNs.
The team was especially concerned about the east-west traffic made accessible through the flat network structure typically required by VPNs. “When someone’s foot is in the door with a VPN, they can kind of go everywhere within the network,” said Nate Norton, the Senior Staff Security Engineer. “We were facing the challenge of being able to scale up the number of systems that we were managing while also making safe connections for our internal users to those systems.”
Managing secure access for their remote workforce was a growing challenge. The team had to spend hours manually provisioning and removing access for users, a process that was time consuming and had the potential to expose them to unwanted risk. “It was always an incredibly lengthy process that had a lot of risk associated,” said Norton. “We had to provision accounts in a specific way, and the systems that we were using did not really offer more secure methods allowing people to get access.”
Solution
As the company continued to grow, the team at Modern Health identified the need to replace their VPN in order to meet their strident security standards, keep pace with their scaling workforce and tech stack, and reduce the strain on the IT and security teams.
Understanding that the best security framework is one focused on risk mitigation, Norton placed a “huge focus on defense-in-depth. We have to assume one layer will fail, so how can we reduce the blast radius?”
The Modern Health team was looking to apply the principle of least privilege to their network and resources. “Especially since we work with highly regulated data and systems that are incredibly sensitive, we didn’t want anybody with access to the network to even be able to get a network connection to some of those network resources,” said Norton.
After evaluating a number of vendors, Norton and the Modern Health team decided to replace their traditional VPN with Twingate’s Zero Trust remote access solution.
Results
Reduced cyberattack surface
Unlike a traditional VPN solution, with Twingate there is no concept of a public gateway and no requirement to have inbound ports open, enabling the Modern Health team to reduce their cyberattack surface.
Since deploying Twingate, Nate and the infrastructure team have further improved security by setting tighter boundaries around the services and resources employees need to access. “With Twingate we’re able to apply the principle of least privilege right out the gate,” said Norton. “Users are only able to get access to the things they’re supposed to, and they don’t get access to anything unless we specifically approve it.”
Seamless integrations, lightning fast IaC deployment
“One of the things that stood out was the integration with our identity provider Okta,” said Norton. “We were able to provision resources quickly using the infrastructure-as-code modules via Terraform.”
Modern Health’s wide range of employee roles meant that ease of use was critical. Because of Twingate’s user-friendly, lightweight end client, Modern Health was able to quickly roll out Twingate to end users.
“We wanted to get all of our users on board as quickly as possible,” said Norton. “We were able to motivate people to self-service.” Users were “excited to use Twingate” because it meant they could eliminate the clunky, unstable login system provided by their previous solution.
The Modern Health team had never seen this sort of engagement with end users for a security platform. “The reason for that is because there’s very few of these security tools that integrate so well with our identity provider,” Norton said.
Increased IT productivity
Between the ease of use, speed of deployment, and seamless integrations, the IT team saw productivity gains across the board.
Since users were able to leverage existing Okta login workflows, Norton and his team didn’t have to dedicate additional IT resources to training end users on a new process.
Between the Okta integration and improved access provisioning process, Norton’s team was able to save one hour per employee, saving the IT department an estimated 250 hours thanks to Twingate. “This has been a huge huge lift on our IT department,” Norton said.
Continuous Innovation
Norton described the support his team receives as “phenomenal,” and the Modern Health team plans to leverage their partnership with Twingate as a foundation for the future of their security strategy.
With Twingate’s Zero Trust Network Access solution in place, Norton and his team are looking to implement additional concepts of the Zero Trust model. “We’re going to lean more into device trust and the integration with our Mobile Device Management,” said Norton. Twingate will also allow his team to safely connect their external CI pipelines with specific internal resources to further simplify the topology required for certain Modern Health projects.